Bug#26585560 - MYSQL DAEMON SHOULD CREATE ITS PID FILE AS

ROOT DESCRIPTION =========== If the .pid file is created at a world-writable location, it can be compromised by replacing the server's pid with another running server's (or some other non-mysql process) PID causing abnormal behaviour. ANALYSIS ======== In such a case, user should be warned that .pid file is being created at a world-writable location. FIX === A new function is_file_or_dir_world_writable() is defined and it is called in create_pid_file() before .pid file creation. If the location is world-writable, a relevant warning is thrown. NOTE ==== 1. PID file is always created with permission bit 0664, so for outside world its read-only. 2. Ignoring the case when permission is denied to get the dir stats since the .pid file creation would fail anyway in such a case.
2025-08-07 00:04:31 +03:00 · 2017-12-02 15:12:32 +05:30
parent 8bc828b982
commit ecc5a07874
5 changed files with 98 additions and 3 deletions
--- a/include/sql_common.h
+++ b/include/sql_common.h
@@ -107,6 +107,7 @@ void mysql_client_plugin_deinit();
 struct st_mysql_client_plugin;
 extern struct st_mysql_client_plugin *mysql_client_builtins[];
 extern my_bool libmysql_cleartext_plugin_enabled;
+int is_file_or_dir_world_writable(const char *filepath);

 #ifdef	__cplusplus
 }